Vonage Forum Master
Joined: Oct 08, 2004
2 Charged in Scheme Said to Defraud Internet Phone Providers
By KEN BELSON and TOM ZELLER Jr.
Published: June 8, 2006
Federal authorities yesterday arrested a Miami man who they said made more than $1 million in a hacking scheme involving the resale of Internet telephone service.
The suspect is accused of surreptitiously routing calls through the lines of legitimate Internet phone companies, saddling them with the expense of carrying the traffic while he pocketed the connection fees from customers. A second man was arrested in Washington State, and charged with aiding in the scheme.
The case, representing an elaborate new form of Internet hacking, raises fresh questions about the security of phone traffic over largely unregulated networks.
Prosecutors say that starting in November 2004, Edwin Andres Pena, 23, a Venezuelan who has permanent residency in the United States and lives in Miami, used two companies he started to offer wholesale phone connections at discounted rates. Such companies typically help connect long-distance calls by buying minutes from large carriers and reselling them for a profit to smaller phone companies.
But instead of buying access to other networks to connect his clients' calls, Mr. Pena is said to have conspired with Robert Moore, a 22-year-old hacker in Spokane, Wash., to create "what amounted to 'free' routes by surreptitiously hacking into the computer networks" of unwitting Internet phone providers, and then routing his customers' calls over those providers' systems, the federal complaint says.
To evade detection, Mr. Pena is said to have first funneled the calls through hacked network ports at other companies, including one run by an unsuspecting investment company in Rye Brook, N.Y., after Mr. Moore found that a network router there was unprotected. These steps made it appear as if this company were originating the calls.
In a three-week period, for instance, prosecutors say one victimized Internet phone provider, based in Newark, handled about 500,000 calls made to look as if they came from the company in Rye Brook.
In all, more than 15 Internet phone companies, including the one in Newark, were left having to pay as much as $300,000 each in connection fees for routing the phone traffic to other carriers without receiving any revenue for the calls, prosecutors said.
"Emerging technologies and the Internet represent a sea of opportunity for business but also for sophisticated criminals," Christopher J. Christie, the United States attorney in New Jersey, whose office is prosecuting the case, said in a statement. "The challenge, which we and the F.B.I. continue to meet with investigations and prosecutions like this one, is to stay ahead of the cyber-criminal and protect legitimate commerce."
Mr. Pena was charged with one count of wire fraud, which carries a maximum penalty of 20 years in prison, and one count of computer fraud, with a maximum term of 5 years; each count could also result in a $250,000 fine. Mr. Pena appeared in court in Miami yesterday, and was jailed overnight pending a bail hearing today.
Mr. Moore, who is said to have received about $20,000 from Mr. Pena for his work, was charged with conspiracy, punishable by a five-year jail term and a $250,000 fine. He appeared in court in Spokane and was released on bail.
The companies in Newark and Rye Brook and others said to have been victims were identified only by their initials in the complaint, which was filed in United States District Court in Newark.
One affected company in Newark was named N.T.P. in the complaint.
One prominent Internet phone company in Newark is Net2Phone. That company and its parent, IDT, did not return calls for comment.
The Rye Brook company, identified in the complaint as a hedge fund, was referred to by the initials O.H.
To date, most of the concern about the safety of Internet-based communications has focused on the ability of criminals to eavesdrop on calls, to generate fake caller ID's and to steal long-distance phone service.
In this case, however, Mr. Pena is said to have mimicked legitimate telecommunications brokers who often buy "minutes" worth of capacity on large networks at, say, half a cent a minute and resell it to smaller Internet phone providers at 1 cent a minute, keeping the difference.
But instead of buying those minutes, he is accused of manipulating voice-over-Internet services that break conversations into data packets and route them over the Internet. Each packet carries a prefix that identifies the carrier handling the call, and its origin and destination.
Mr. Pena is said to have appended stolen prefixes to his customers' calls, allowing them to piggyback on other phone company networks. At its core, industry experts say, such a scheme is technologically straightforward for a hacker with knowledge of how Internet phone companies work, particularly new service providers that are sprouting up and spend relatively little securing their servers and routers.
"The technical side of this a 14-year-old can do," said Tom Kershaw, the vice president for voice-over-Internet-protocol services at VeriSign, an Internet security company. "There are many vulnerabilities."
The scheme attributed to Mr. Pena appears to have begun not long after his arrival in the United States. A family friend, Juan Fortes, a 70-year-old Cuban-American, said Mr. Pena landed in Miami a couple of years ago and rented a room in his single-story red brick house in a quiet neighborhood in southwest Miami.
"His mom contacted me some time ago, and she said he didn't have work or a place to stay, so I helped him out; he was a good young man," Mr. Fortes said.
Because Mr. Pena was not a legal resident, he persuaded Mr. Fortes to start a company in September 2004 called Fortes Telecom Inc., Mr. Fortes said. Mr. Fortes, who claims to have only a passing knowledge of computers, said he and Mr. Pena bought PC's together.
A few months later, Mr. Fortes said, Mr. Pena married, obtained a permanent resident's visa and moved out. Fortes Telecom was dissolved, and last September, Mr. Pena started a new company, Miami Tech and Consulting Inc., prosecutors said.
Mr. Fortes said that he had not spoken to Mr. Pena in a long time, and that he had been questioned by the police, who took his computer and bank information.
Federal investigators said the roots of the scheme lay in Mr. Pena's ability to obtain the prefixes used by Internet phone companies to identify their voice calls. He did so, they said, by repeatedly slamming Internet phone networks with test calls, each using a prefix variant — a method known in hacking circles as a "brute-force" attack.
The attack would continue until a prefix match allowed a call to penetrate the network.
According to the complaint, Mr. Pena turned to Mr. Moore, whose Web site, moorer-software.com, was still visible yesterday displaying links to various hacking sites and downloadable software like the Global Brute Forcer, to create cover for the scheme.
Mr. Moore is accused of performing "an exhaustive scan of computer networks of unsuspecting companies and other entities in the United States and around the world, searching for vulnerable ports."
The complaint notes that AT&T recorded some six million scans of its worldwide network attributable to Mr. Moore from June to October of last year. During that period, only two users made more scans of AT&T's network, the complaint said.
Once vulnerable ports were found, prosecutors said, Mr. Moore delivered the network addresses — along with hacked administration names and passwords — to Mr. Pena, who used them to reprogram the routers to allow Internet call traffic to flow through them and obscure the real origin of the calls.
In other cases, the pair would bounce traffic off Internet servers rented under false names, including the aliases "David Hauster" and "Jake Hamilton."
The ease with which Mr. Pena and Mr. Moore are said to have constructed the scheme is an indication that though Internet-based communications have ushered in more flexible and far cheaper phone services, they have also made it easier for hackers to manipulate the system.
"In terms of consumer Internet phone services, it's really the Wild West out there," said Andy Zmolek, a manager in the security planning and strategy group at Avaya, a telephone equipment maker. "This is just the tip of the iceberg."
Prosecutors said Mr. Pena appeared to have used the more than $1 million he received from his customers to go on a spending spree, buying real estate in South Florida, a 40-foot Sea Ray Mercruiser motor boat, and luxury cars, including a Cadillac Escalade and a BMW, which authorities confiscated yesterday.
He did not appear to be shy about showing off his new possessions, frequently posting pictures of his cars on Web sites devoted to car enthusiasts — including unitedbimmer.com, a BMW fan forum where Mr. Pena displayed his 2004 M3.
Tommy Hoyer, a moderator at the site, said Mr. Pena was a generous contributor to the forum's upkeep and activities, including last year's Christmas toy drive, in which he was the single largest contributor.
"He posted pictures and videos of his car, and obviously people were impressed," Mr. Hoyer said. "Many people kept asking, What does he do? What does he do?"
Mr. Hoyer said Mr. Pena, when asked, would say only that he worked at home.